Cyber Posture

CVE-2024-55228

Severity: Critical · Public PoC available

Published: 27 January 2025
Modified: 19 February 2025
KEV Added: not listed
Patch: no entry
CVSS Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.0th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-55228 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Dolibarr ERP/CRM (vendor: Dolibarr). Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The CVE ranks at the 30.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Browser Session Hijacking (T1185). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly mitigates CVE-2024-55228 by requiring timely remediation of the specific XSS flaw in Dolibarr's Product module Title parameter through patching.
- prevent (SI-15, Information Output Filtering): Prevents execution of injected scripts by filtering and encoding output from the Title parameter before rendering in users' browsers.
- prevent (SI-10, Information Input Validation): Blocks crafted XSS payloads by validating and sanitizing inputs to the vulnerable Title parameter in the Product module.

MITRE ATT&CK Enterprise Techniques

T1185 Browser Session Hijacking (tactic: Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Why these techniques?

Stored XSS in web app directly enables browser session hijacking and credential theft via script execution in victim browsers.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.

Deeper analysis

CVE-2024-55228 is a cross-site scripting (XSS) vulnerability (CWE-79) in the Product module of Dolibarr version 21.0.0-beta. It allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. The vulnerability has a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and potential for high impacts across confidentiality, integrity, and availability.

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity, though it requires user interaction (UI:R). By injecting a malicious payload into the Title parameter in the Product module, the attacker can execute arbitrary scripts in the context of other users' browsers, potentially leading to session hijacking, data theft, or further compromise given the cross-scope impact (S:C) and high effect on CIA triad components.

Mitigation involves applying patches from Dolibarr repository commits such as 56710ce9b79a97df093f586c90bdaf6cce6a5808, 9aa24d9d9aeab36358c725dae3fe20c9631082e7, and c0250e4c9106b5c889e512a4771f0205d4f99b99. A proof-of-concept is available in the referenced GitHub Gist. Additional guidance is provided in Dolibarr's security policy at https://github.com/Dolibarr/dolibarr/security/policy. Security practitioners should ensure systems are updated beyond v21.0.0-beta.

Details

CWE(s): CWE-79 (Cross-site Scripting)

Affected Products

Vendor: dolibarr
Product: dolibarr erp/crm
Version: 21.0.0

CVEs Like This One

- CVE-2024-55227: same product (Dolibarr ERP/CRM)
- CVE-2026-31019: same product (Dolibarr ERP/CRM)
- CVE-2019-25710: same product (Dolibarr ERP/CRM)
- CVE-2025-56588: same product (Dolibarr ERP/CRM)
- CVE-2019-25452: same product (Dolibarr ERP/CRM)
- CVE-2026-22666: same product (Dolibarr ERP/CRM)
- CVE-2026-23500: same product (Dolibarr ERP/CRM)
- CVE-2026-31018: same product (Dolibarr ERP/CRM)
- CVE-2019-25450: same product (Dolibarr ERP/CRM)
- CVE-2025-25203: shared CWE-79
